Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Successful Install on Watchguard Firebox X700!

    Scheduled Pinned Locked Moved Hardware
    690 Posts 151 Posters 1.2m Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • stephenw10S Offline
      stephenw10 Netgate Administrator
      last edited by

      I remember reading about this some time ago unfortunately I have forgotten most of the detail and can't find the page now!  ::)
      Anyway it had something to do with fragmented packets.
      Basically a cheap 'dumb' switch send any old packet towards the firebox where as a smart switch does a much better job of reassembling bad packets correctly. However that really deppends on the switch software so some are better than others.

      There has been a lot of work gone into this over the years. Hopefully with the first 2.1 builds based on FreeBSD 9 there may be some resolution.

      Steve

      1 Reply Last reply Reply Quote 0
      • U Offline
        Unubtanium
        last edited by

        @stephenw10:

        I remember reading about this some time ago unfortunately I have forgotten most of the detail and can't find the page now!  ::)
        Anyway it had something to do with fragmented packets.
        Basically a cheap 'dumb' switch send any old packet towards the firebox where as a smart switch does a much better job of reassembling bad packets correctly. However that really deppends on the switch software so some are better than others.

        There has been a lot of work gone into this over the years. Hopefully with the first 2.1 builds based on FreeBSD 9 there may be some resolution.

        Steve

        Lets hope 2.1 will do its magic, but for now i am looking for a x550e that i can test on because the other is in production environment  doing 3 wans with failover and load balance with 2 lans too  =)

        Thanks again Steve for teaching me,, Did wish i had your Skills

        1 Reply Last reply Reply Quote 0
        • M Offline
          m4f1050
          last edited by

          Trying to install this on X500, someone mentioned it being same hw as the other X seires, I read somewhere I had to flash new firmware to allow it to boot > 512mb CF card, is this correct?

          http://documentation.dbernhardt.com/pfsense/article.html
          

          X750EB2.BIN or does it have to be X500?

          1 Reply Last reply Reply Quote 0
          • B Offline
            Brak
            last edited by

            @m4f1050:

            Trying to install this on X500, someone mentioned it being same hw as the other X seires, I read somewhere I had to flash new firmware to allow it to boot > 512mb CF card, is this correct?

            http://documentation.dbernhardt.com/pfsense/article.html
            

            X750EB2.BIN or does it have to be X500?

            No, an X500 should be able to boot from anything without any BIOS modifications. Just try installing a nanobsd image of pfSense onto a CF and give it a try.

            1 Reply Last reply Reply Quote 0
            • M Offline
              m4f1050
              last edited by

              I will be trying to boot form 2gb CF card (or any size, I just need to know what is the highest size CF I can use on the X500)

              Thanks!

              1 Reply Last reply Reply Quote 0
              • stephenw10S Offline
                stephenw10 Netgate Administrator
                last edited by

                Mmm, yes that article you linked to is a bit confusing. It doesn't specify which Firebox it's for.
                Like Brak said, there's no need to flash the bios. There should be no restriction on the CF size however there is no advantage to using a larger one. 1GB is fine.

                Steve

                1 Reply Last reply Reply Quote 0
                • M Offline
                  m4f1050
                  last edited by

                  @stephenw10:

                  Mmm, yes that article you linked to is a bit confusing. It doesn't specify which Firebox it's for.
                  Like Brak said, there's no need to flash the bios. There should be no restriction on the CF size however there is no advantage to using a larger one. 1GB is fine.

                  Steve

                  Great news guys, thanks!  Will be doing this very soon when I get my 2gb CF in.  In re: to size, wouldn't it be better for logging if I had a bigger sized one?

                  1 Reply Last reply Reply Quote 0
                  • stephenw10S Offline
                    stephenw10 Netgate Administrator
                    last edited by

                    All logging in pfSense is done to RAM. In the NanoBSD install almost nothing is written to the CF card other than config changes. This done to preserve the card due to it's limited write cycles.
                    If you need extensive logging or long term log storage you have to use a separate syslog server.

                    From a personal point of view this is the one part of pfSense that I find lacking. At home I don't have another machine that's always on so running a syslog server is not an option.

                    About the only possible advantage of using a bigger CF card is that there are more memory blocks to use for ware leveling. However since NanoBSD is especially designed to get around this it's not really a problem.

                    You do get more space for packages but you won't fill it anyway.

                    Steve

                    1 Reply Last reply Reply Quote 0
                    • M Offline
                      m4f1050
                      last edited by

                      I agree with you.  Sucks we cant log to cf…  I prob wont be running any pckgs.  I do have an unRAID box I can store logs to.... Hmmmm...  And maybe I could run sickbeard, couchpotato, sabnzbd, transmizzion on the firebox..? Even still I wont fill up even a gig cf...

                      1 Reply Last reply Reply Quote 0
                      • D Offline
                        dig1234
                        last edited by

                        @m4f1050:

                        I agree with you.  Sucks we cant log to cf…  I prob wont be running any pckgs.  I do have an unRAID box I can store logs to.... Hmmmm...  And maybe I could run sickbeard, couchpotato, sabnzbd, transmizzion on the firebox..? Even still I wont fill up even a gig cf...

                        What about using a 2.5" hard drive, I thought that was the recommended method? Can you get persistent logs that way? (Mine just came will be attempting setup soon..)

                        1 Reply Last reply Reply Quote 0
                        • stephenw10S Offline
                          stephenw10 Netgate Administrator
                          last edited by

                          To be consistent across the install versions, all log only to ram. Though I should point out that I have only ever done a HD install as an experiment.
                          The only way to have persistent and extensive logging on the box is to run a syslog server directly on pfSense. There are some instructions on the forum on how to do that but I've never tried it and it's not a supported configuration.

                          This seems like it could be a great package. Perhaps a bounty could be raised?

                          Steve

                          1 Reply Last reply Reply Quote 0
                          • M Offline
                            m4f1050
                            last edited by

                            Well, I will post results after the 2gb CF card arrives.

                            Right now I have mwall running on the 64mb CF that came with, but it's missing a LOT of nifty stuff I've seen on pfSense!  No sense in running fware when there is no support and limitations..!  And talk about no webgui!  :D

                            1 Reply Last reply Reply Quote 0
                            • S Offline
                              shanon
                              last edited by

                              Hi All.

                              After many years of running older versions of pfSense, I've run into a bit of a problem installing 2.0.x on my Firebox X8000.

                              I've been running 1.2.3 RC1 from a 2G CF card with no issues for some time.  I've put off upgrading to version 2 as I've got a customized bandwidthd installation on a USB flash drive to contend with, but tried to swap over today.

                              The problem that I have is with booting.  I've tried a few different images (2.0, 2.0.1, 512MB, 2GB) and don't get serial output or any substantial disk I/O, according to the "Storage" activity light.  I've also tried the FreeDOS BIOS utility image that Steve posted in the X-Peak thread to no avail.  I'm able to duplicate the content of my 1.2.3RC1 CF and boot from the replacement card fine, so the media seems OK.

                              Checking these boards for information on 2.x installs on the Firebox platform I was pleasantly surprised by the goldmine of technical information that has been shared about the X-Peak series!  The hard-won experience on this forum is that it should "just work".  I'm hoping someone here has a hunch as to what my issue may be…

                              I've compared MBRs and I've noticed that the partitioning scheme and boot code is different between my 1.2.3 install and the new version 2 images.  My suspicion is that the BIOS is being finicky about the bootstrapping process... My first aim is to get a BIOS tool into a bootable CF image.

                              Any thoughts?

                              EDIT: I've checked the old images and discovered that the switch to nanobsd happened in the 1.2.3 RELEASE image and that RC1 was the old 'embedded' image.  If its feasible enough, I may try to instrument the newer bootloader to mark progress (perhaps by flashing an LED or using BIOS disk write functions?).  I'm also hoping to get a spare flash chip or two and a compatible writer to extract and modify the BIOS firmware -- looks to be a standard PLCC 'though I didn't remove the version label before re-racking the Firebox.  If anyone has chip details, I'd be much obliged :)

                              Thanks.

                              • Shanon
                              1 Reply Last reply Reply Quote 0
                              • M Offline
                                m4f1050
                                last edited by

                                @m4f1050:

                                Well, I will post results after the 2gb CF card arrives.

                                Right now I have mwall running on the 64mb CF that came with, but it's missing a LOT of nifty stuff I've seen on pfSense!  No sense in running fware when there is no support and limitations..!   And talk about no webgui!   :D

                                One word…  Amazing!  I used m******* for a few days and it was alright, I even liked it more than f*******, but I recently upgraded to pfSense and I have to admit, im impressed!  It really does compete with the big dogs!

                                Got everything setup and running (except lcd/light/buttons)  anybody have a good working guide for those 3 things?

                                1 Reply Last reply Reply Quote 0
                                • S Offline
                                  shanon
                                  last edited by

                                  @m4f1050:

                                  One word…  Amazing!  I used m******* for a few days and it was alright, I even liked it more than f*******, but I recently upgraded to pfSense and I have to admit, im impressed!  It really does compete with the big dogs!

                                  Got everything setup and running (except lcd/light/buttons)  anybody have a good working guide for those 3 things?

                                  Steve (stephenw10) has done some great work in those respects, but you'll need to do some manual work to integrate them into your config.

                                  For LED control, see http://forum.pfsense.org/index.php/topic,32013.msg187336.html#msg187336.  You'll need to download WGXepc from elsewhere in the thread (writeio and some other useful tools can be downloaded from https://sites.google.com/site/pfsensefirebox/)

                                  For LCD and button support you can install lcdproc (I used a packaged version for 1.2.3; I believe that another member has also made a package for 2.0 but I haven't got that far yet).  You'll need an updated sdeclcd.so library to copy to /usr/local/lib/lcdproc.  Alternatively, Steve has bundled-up the required files and attached to http://forum.pfsense.org/index.php/topic,7920.msg207659.html#msg207659.

                                  Finally, you'll need to update (or create new) startup scripts to match your needs and wishes.  If all you want to do is to switch the Armed LED to green once the firewall is up, and are happy with the default LCD screens that are displayed, you shouldn't have much left to do.

                                  1 Reply Last reply Reply Quote 0
                                  • stephenw10S Offline
                                    stephenw10 Netgate Administrator
                                    last edited by

                                    Thanks to some great efforts by both fmertz (who re-wrote the driver so it could be included in the lcdproc source) and mdima (who has updated the lcdproc package) the firebox LCD is now supported by a proper pfSense package.  ;D
                                    The package is currently called lcdproc-dev and is available through the web gui.
                                    After you install set the driver to Firebox, port to lpt0 and size to 2x20. Save that. Select some screens to display on the second tab. Save that. Now go to Status: Services: and start the lcdproc service.
                                    It is still being worked on, I am having trouble with in on the x-peak box, but any feedback would be appreciated.
                                    http://forum.pfsense.org/index.php/topic,44034.90.html
                                    It's based on the latest v0.55 lcdproc which is bleeding edge stuff! However it seems to be working fine for most people.

                                    Steve

                                    1 Reply Last reply Reply Quote 0
                                    • stephenw10S Offline
                                      stephenw10 Netgate Administrator
                                      last edited by

                                      Shanon, I am currently running my X6000 from a Transend 4GB CF with a 1GB image. I had flashed this with the 2.0RC3 image originally, from Windows, and then upgraded to 2.0.1.
                                      You could try upgrading your 1.2.3 install via the firmware menu in the gui.

                                      If you have any bios writing experience then fixing the console re-direct function on this box would be nothing short of awsome!  :)

                                      Steve

                                      Edit: JimP has unlocked the X-Peak thread so please continue this discussion there so as not to have confusing information in this thread.  :)

                                      1 Reply Last reply Reply Quote 0
                                      • M Offline
                                        m4f1050
                                        last edited by

                                        This is awesome guys, thanks!!!  Today is family day but you betcha imma jump on this as soon as I can and post findings (or concerns)

                                        On eBay I saw someone selling a firebox x500 with all of these 3 things fully working! He shows them working on a yt video, you can go through a menu where you can restart the webgui, backup/restore, even set ro/rw the cf, etc etc.

                                         http://cgi.ebay.com/itm/270893406216
                                        
                                        1 Reply Last reply Reply Quote 0
                                        • stephenw10S Offline
                                          stephenw10 Netgate Administrator
                                          last edited by

                                          Yes I've seen that. I'm fairly sure that's forum user Brak, but I could be wrong.
                                          Anyway he seems to selling at a very reasonable price so good luck to him.  :)

                                          What he doesn't mention is that using the old lcdproc tar ball and the WGXepc program you have to reload all that stuff after each firmware update which is pretty tedious. Using a proper package will mean it isn't lost.
                                          His lcdexec (the custom menus) implementation is pretty sweet though. Hopefully he might contribute it to the community sometime.

                                          Steve

                                          1 Reply Last reply Reply Quote 0
                                          • B Offline
                                            Brak
                                            last edited by

                                            Indeed that is me, I do hope no one finds my prices too high, as I'm more than willing to ship internationally (that's my main business since not many used fireboxes have international willing sellers.) The units are also completely upgraded with RAM and CPUs, plus I replace any super-loud fans (I can tell when I get a loud firebox unit just by the change in pitch in my server room through the wall, and that place has 10+ servers humming away). I think that's a fair price considering I'm more than willing to go out of my way to help people with their units or configuration after they buy. As for the updates, I make new images available to my buyers so they can have a seamless upgrade experience if they want it. I wish I was good enough to make my own update server, but I haven't yet been able to figure out making nanobsd update images or how they even work.

                                            I'm doing to this to work on building enough money to start making real/new firewall appliances with pfSense running on them (and help pay for college, lol). Working on finding a good manufacturer right now.

                                            As for the menu, I will be releasing it publicly and also moving my refurb units over once I can iron out why on earth it doesn't work with the real LCDProc/LCDProc-dev package. Either it never starts, or eventually crashes the whole unit or LCDProc… : / I do actually have an easy to use automatic installer for the just the LCD/LED stuff incase the reimage isn't a viable option, but I've had issue with it working consistently.

                                            I actually have an even cooler version of the menu that will be able to let you change interface IPs, reset the DHCP servers to work on them, and change a few other settings. That said, until I can keep the units from locking up which is completely unacceptable, I can't really go too far with it. Stephen, I know you mentioned hard locks when using the LCDProc-Dev package in the other thread, do you think maybe we're seeing the same issue?

                                            Also, if anyone knows anything... I guess I see so many fireboxes thru my door, I see hardware variances that no one else have ever noticed... But what's up with the fireboxes with the always on but dim LED back-light? Software can't control it, and while it does illuminate the screen, it's no where near as bright as a usual unit. Also, there is a variation with only 2 case fans. I know these aren't DIY removals of bad fans since the box is still factory sealed, and there isn't even a 3rd fan header off the PSU... Just a strange difference I noticed.

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.